NetFlow Threat Detection

NetFlow Network Behavior Analysis (NBA) systems have limited impact on detecting threats. They are only suitable as a second or perhaps third layer of threat detection. Some companies offering NetFlow Threat Detection tools would have you believe otherwise. Don't fall for it. "Gartner says NBA is suitable as a complementary technology to intrusion detection and prevention software, which is effective for addressing network attacks that can be positively identified." As a HUGE NetFlow and IPFIX supporter, I tend to agree that flow technologies can augment security practices, but can't replace them.